So much has been written about SQL Injection, yet such attacks continue to succeed, even against security conmsultants’ websites. The problem is often that only part of the solution is described, whereas the best practice requires the use of defense in depth.